Security update for freerdp SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0761-1 Final 1 1 2026-03-03T12:40:21Z current 2026-03-03T12:40:21Z 2026-03-03T12:40:21Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for freerdp This update for freerdp fixes the following issues: - CVE-2026-22855: heap-buffer-overflow in smartcard_unpack_set_attrib_call (bsc#1256721). - CVE-2026-22857: heap-use-after-free in irp_thread_func (bsc#1256723). - CVE-2026-23533: improper validation can lead to heap buffer overflow in `clear_decompress_residual_data` (bsc#1256943). - CVE-2026-23732: improper validation can lead to heap buffer overflow in `Glyph_Alloc` (bsc#1256945). - CVE-2026-23883: use-after-free when `update_pointer_color` and `freerdp_image_copy_from_pointer_data` fail (bsc#1256946). - CVE-2026-23884: use-after-free in `gdi_set_bounds` (bsc#1256947). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-761,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-761,openSUSE-SLE-15.6-2026-761 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260761-1/ Link for SUSE-SU-2026:0761-1 https://lists.suse.com/pipermail/sle-security-updates/2026-March/024555.html E-Mail link for SUSE-SU-2026:0761-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1256721 SUSE Bug 1256721 https://bugzilla.suse.com/1256723 SUSE Bug 1256723 https://bugzilla.suse.com/1256943 SUSE Bug 1256943 https://bugzilla.suse.com/1256945 SUSE Bug 1256945 https://bugzilla.suse.com/1256946 SUSE Bug 1256946 https://bugzilla.suse.com/1256947 SUSE Bug 1256947 https://www.suse.com/security/cve/CVE-2026-22855/ SUSE CVE CVE-2026-22855 page https://www.suse.com/security/cve/CVE-2026-22857/ SUSE CVE CVE-2026-22857 page https://www.suse.com/security/cve/CVE-2026-23533/ SUSE CVE CVE-2026-23533 page https://www.suse.com/security/cve/CVE-2026-23732/ SUSE CVE CVE-2026-23732 page https://www.suse.com/security/cve/CVE-2026-23883/ SUSE CVE CVE-2026-23883 page https://www.suse.com/security/cve/CVE-2026-23884/ SUSE CVE CVE-2026-23884 page SUSE Linux Enterprise Module for Package Hub 15 SP7 openSUSE Leap 15.6 freerdp-2.11.2-150600.4.12.1 freerdp-devel-2.11.2-150600.4.12.1 freerdp-proxy-2.11.2-150600.4.12.1 freerdp-server-2.11.2-150600.4.12.1 freerdp-wayland-2.11.2-150600.4.12.1 libfreerdp2-2-2.11.2-150600.4.12.1 libuwac0-0-2.11.2-150600.4.12.1 libwinpr2-2-2.11.2-150600.4.12.1 uwac0-0-devel-2.11.2-150600.4.12.1 winpr-devel-2.11.2-150600.4.12.1 uwac0-0-devel-2.11.2-150600.4.12.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 freerdp-2.11.2-150600.4.12.1 as a component of openSUSE Leap 15.6 freerdp-devel-2.11.2-150600.4.12.1 as a component of openSUSE Leap 15.6 freerdp-proxy-2.11.2-150600.4.12.1 as a component of openSUSE Leap 15.6 freerdp-server-2.11.2-150600.4.12.1 as a component of openSUSE Leap 15.6 freerdp-wayland-2.11.2-150600.4.12.1 as a component of openSUSE Leap 15.6 libfreerdp2-2-2.11.2-150600.4.12.1 as a component of openSUSE Leap 15.6 libuwac0-0-2.11.2-150600.4.12.1 as a component of openSUSE Leap 15.6 libwinpr2-2-2.11.2-150600.4.12.1 as a component of openSUSE Leap 15.6 uwac0-0-devel-2.11.2-150600.4.12.1 as a component of openSUSE Leap 15.6 winpr-devel-2.11.2-150600.4.12.1 as a component of openSUSE Leap 15.6 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1. CVE-2026-22855 SUSE Linux Enterprise Module for Package Hub 15 SP7:uwac0-0-devel-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-devel-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-proxy-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-server-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-wayland-2.11.2-150600.4.12.1 openSUSE Leap 15.6:libfreerdp2-2-2.11.2-150600.4.12.1 openSUSE Leap 15.6:libuwac0-0-2.11.2-150600.4.12.1 openSUSE Leap 15.6:libwinpr2-2-2.11.2-150600.4.12.1 openSUSE Leap 15.6:uwac0-0-devel-2.11.2-150600.4.12.1 openSUSE Leap 15.6:winpr-devel-2.11.2-150600.4.12.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260761-1/ https://www.suse.com/security/cve/CVE-2026-22855.html CVE-2026-22855 https://bugzilla.suse.com/1256721 SUSE Bug 1256721 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1. CVE-2026-22857 SUSE Linux Enterprise Module for Package Hub 15 SP7:uwac0-0-devel-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-devel-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-proxy-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-server-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-wayland-2.11.2-150600.4.12.1 openSUSE Leap 15.6:libfreerdp2-2-2.11.2-150600.4.12.1 openSUSE Leap 15.6:libuwac0-0-2.11.2-150600.4.12.1 openSUSE Leap 15.6:libwinpr2-2-2.11.2-150600.4.12.1 openSUSE Leap 15.6:uwac0-0-devel-2.11.2-150600.4.12.1 openSUSE Leap 15.6:winpr-devel-2.11.2-150600.4.12.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260761-1/ https://www.suse.com/security/cve/CVE-2026-22857.html CVE-2026-22857 https://bugzilla.suse.com/1256723 SUSE Bug 1256723 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue. CVE-2026-23533 SUSE Linux Enterprise Module for Package Hub 15 SP7:uwac0-0-devel-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-devel-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-proxy-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-server-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-wayland-2.11.2-150600.4.12.1 openSUSE Leap 15.6:libfreerdp2-2-2.11.2-150600.4.12.1 openSUSE Leap 15.6:libuwac0-0-2.11.2-150600.4.12.1 openSUSE Leap 15.6:libwinpr2-2-2.11.2-150600.4.12.1 openSUSE Leap 15.6:uwac0-0-devel-2.11.2-150600.4.12.1 openSUSE Leap 15.6:winpr-devel-2.11.2-150600.4.12.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260761-1/ https://www.suse.com/security/cve/CVE-2026-23533.html CVE-2026-23533 https://bugzilla.suse.com/1256943 SUSE Bug 1256943 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining length and never validates against the minimum size implied by `cx/cy`. A malicious server can trigger a client-side global buffer overflow, causing a crash (DoS). Version 3.21.0 contains a patch for the issue. CVE-2026-23732 SUSE Linux Enterprise Module for Package Hub 15 SP7:uwac0-0-devel-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-devel-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-proxy-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-server-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-wayland-2.11.2-150600.4.12.1 openSUSE Leap 15.6:libfreerdp2-2-2.11.2-150600.4.12.1 openSUSE Leap 15.6:libuwac0-0-2.11.2-150600.4.12.1 openSUSE Leap 15.6:libwinpr2-2-2.11.2-150600.4.12.1 openSUSE Leap 15.6:uwac0-0-devel-2.11.2-150600.4.12.1 openSUSE Leap 15.6:winpr-devel-2.11.2-150600.4.12.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260761-1/ https://www.suse.com/security/cve/CVE-2026-23732.html CVE-2026-23732 https://bugzilla.suse.com/1256945 SUSE Bug 1256945 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `pointer_free` calls `xf_Pointer_Free` and frees it again, triggering ASan UAF. A malicious server can trigger a client-side use after free, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue. CVE-2026-23883 SUSE Linux Enterprise Module for Package Hub 15 SP7:uwac0-0-devel-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-devel-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-proxy-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-server-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-wayland-2.11.2-150600.4.12.1 openSUSE Leap 15.6:libfreerdp2-2-2.11.2-150600.4.12.1 openSUSE Leap 15.6:libuwac0-0-2.11.2-150600.4.12.1 openSUSE Leap 15.6:libwinpr2-2-2.11.2-150600.4.12.1 openSUSE Leap 15.6:uwac0-0-devel-2.11.2-150600.4.12.1 openSUSE Leap 15.6:winpr-devel-2.11.2-150600.4.12.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260761-1/ https://www.suse.com/security/cve/CVE-2026-23883.html CVE-2026-23883 https://bugzilla.suse.com/1256946 SUSE Bug 1256946 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client-side use after free, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue. CVE-2026-23884 SUSE Linux Enterprise Module for Package Hub 15 SP7:uwac0-0-devel-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-devel-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-proxy-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-server-2.11.2-150600.4.12.1 openSUSE Leap 15.6:freerdp-wayland-2.11.2-150600.4.12.1 openSUSE Leap 15.6:libfreerdp2-2-2.11.2-150600.4.12.1 openSUSE Leap 15.6:libuwac0-0-2.11.2-150600.4.12.1 openSUSE Leap 15.6:libwinpr2-2-2.11.2-150600.4.12.1 openSUSE Leap 15.6:uwac0-0-devel-2.11.2-150600.4.12.1 openSUSE Leap 15.6:winpr-devel-2.11.2-150600.4.12.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260761-1/ https://www.suse.com/security/cve/CVE-2026-23884.html CVE-2026-23884 https://bugzilla.suse.com/1256947 SUSE Bug 1256947